But not providing hashes and using a two stage downloader and not using ssl and using auto updates and not using code signing means that your app will now be the weakest link in terms of security for all but the worst configured computers.
While it's almost certain no one is targeting you or your users now, that could change when people see such a weakness or could leave people open to local attackers that you'll never have a chance to notice.
It's early and we honestly didn't think down those lines. Ultimately, the deployment mechanism will look different than this, but this was the path of least resistance. At the very least though we can do a few of these things to remove some of the danger - we'll get on it.
Yeah, I am not that exercised about the security risk but it made a really bad first impression. I primarily use Windows, I wouldn't mind so much if I were Unix-based. Also, installing it in my Documents folder under Windows is weird.
On the plus side, I like the prototype itself and will be interested to see where it goes.
If anyone is going to update their software manually, surely it's going to be HN/code editor users (I know I do). And anyway, it's a preview release that people won't be using as their main editor anyway. Install, play around, uninstall.
The script that you download and execute goes back out to the internet to download the real executable, so it makes it (somewhat) difficult to review beforehand or to make sure you're running the official version
I think PG did comment on a subsequent post asking why post on subject was taken down. I am not sure if commenting on a soon-to-be-killed post constitutes an official comment though, perhaps it was decided there is no need since according to policy meta-concerns should be dealt with using email.
So instead of having a thread pop up to address meta-concerns, they have to be dealt with privately causing any front page title change to now have 10-20 comments at the top discussing the title change. All the actual discussion about the article is well beneath the fold now
>Hopefully the mystery will bring more people in? haha ;)
I know that's why people use mysterious titles, but trust me - that's done, it's over, it's the old and busted of social news.
It's one of those things that may have worked when social news was new and interesting and still a novelty, and people would click all sorts of stuff wily-nily just to see what neat treasure lies underneath.
But we're all over that, and now what we're dealing with is information overload - how to manage the signal:noise ratio in the information we consume and maximize the signal.
The expectation of informative titles is a key part of that, so all mysterious titles do now now is piss people off for making them click to see what the article was about, instead of just telling them in the submission title, which is what it's for.
You as a submitter (or advertiser, I've seen studies on this for SEM) are much better served writing a concrete, informative title. You may have less clickthroughs (but sometimes more - specifics are very effective), but every single one of them will be someone interested in whatever you linked to (or are selling, in the latter case), more likely to read, buy, participate, etc., and less likely to close the window annoyed at having been tricked into wasting a few seconds and attention on something they don't care about.
I clicked on this when it was still Light Table Playground and that was interesting to me, but "It's Playtime"? What the hell is that? It doesn't tell me anything at all about the article and I only figured it out by clicking on the comments.
I don't see anything wrong with having a title that is different than the source's title if it gives CONTEXT, which it did in this case.
The new title is definitely better, imho. I hate titles that keep me guessing about what the article is actually about.
"It's Playtime" has zero informative value. At least with the edit I now know it's about Light Table, and can click or skip as necessary and not waste any cycles guessing, or clicking and finding it's something I'm not interested in.
Uninformative titles are a plague. Concrete titles (and concrete language in general, but that's a whole nother blog post) are always better than vague ones, no matter how catchy, cutesy, or kitschy you may think it is.
Is there any interesting piece of code that might help me see this working to its true potential? I tried the factorial function expecting it to show all the recursive calls. What can I expect to see here? Call trace over multiple functions?
EDIT: Just tried this , atleast this shows the last calls made to the functions
(defn my-add [a b]
(+ a b))
(if (<= x 1) 1 (* x (fact (- x 1)) )))
Alas it has issues. I tried to install, with the initial commands not working. Downloaded the script myself, set execution policy and it stated running. Download issues arise (probably due to being behind a proxy requiring authentication) and after a few minutes the script managed to remove itself.
I will try again when I have a real internet connection.
A quick search failed me but I am pretty sure my question has been discussing elsewhere, in which case I would appreciate a redirect/summary. Is there a difference between LightTable and Emacs' eval-last-sexp and similar functions? What is LightTable supposed to add? besides support for Clojure.
It seems as if every single key press, whether or not it affects the output (for example, writing in a comment or hitting enter to reorganize and space out code) causes every single function to be evaluated again.
You can test this out by adding something like this...
(time (+ 1 1))
...and start typing in a comment on a new line and seeing how the elapsed time that is outputted changes on every single key press. Performance optimizations are probably not as important right now, but that's something that can be improved.
Still, as a basic test of the concept, it looks pretty interesting overall and I can see myself using this. As long as the idea is sound, everything else can be improved over time. Keep it up!
>So it's looking for Chrome, a closed source browser that I'd never use, instead of Chromium. Too bad.
You are of course free to use or not use anything you like, but the above sounds entitled and self-centered. At this point, who the duck cares if YOU are "never gonna use a closed source browser"?
It's a post about a new editor in a pre-pre-alpha stage. Something like "Seems to be requiring Chrome. Why such a restriction?" would be far better, no entitlement, no open/closed source zealotry, not tied to specific personal preferences regarding source license, etc.
--- Checking for updates...
--- Starting server... (this takes several seconds)
nohup: redirecting stderr to stdout
--- Server up!
--- Starting Chrome
But then I get a blank window in Chrome pointing to http://localhost:8833/. If I reload, it loads forever. I've stopped and started it a few times, and once I got a dark background, another time I got some Clojure code loaded as plain text.
Running this on Ubuntu 12.04 amd64. It happens with OpenJDK (Java 6), OpenJDK (Java 7) and Sun (Java 6).
Is there an easy way to get the editor to evaluate a different language? It's just I don't really use lisp but would like to try it out properly. I've tried poking about int he ./light script but don't see anything.
Fantastic software by the way. Could really see this having a big impact on a lot of people's development style.
Hi, I'm a beginner programmer, I've played around with learning Lisp various time & just started the 4clojure problems. I was having issues getting a nice workflow going & getting diverted with IDE issues etc. This is wonderful. Thanks.
Mostly due to the security risk. Especially on Windows. Even being a software developer (read: not your average computer user) and taking extra precautions (like click-to-run for java use in browsers) I've still gotten hit by malware that takes advantage of security holes in the Java runtime.
I think the issue will be compiling it for the CLR and then distributing it. The current script gets and runs a JAR, but I 'd imagine it would be relatively trivial to modify the script to run the CLR instead - but you'd have to build from the source included in the JAR (if it's all there...)
Haven't had much experience with it myself, it has been a while since I've played with Clojure.
VimClojure https://github.com/vim-scripts/VimClojure is something similar for vim. LightTable seems to focus on showing execution trace which isn't always desirable(a function that delete files, gets file over the network, does a lengthy computation etc). VimClojure provides you completions, repl, looking up doc, going to source etc.